{"id":31216,"date":"2023-11-15T02:57:21","date_gmt":"2023-11-15T02:57:21","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=31216"},"modified":"2023-11-15T02:57:22","modified_gmt":"2023-11-15T02:57:22","slug":"titan","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/titan\/","title":{"rendered":"Titan – VMProtect Devirtualizer"},"content":{"rendered":"\n

I’m releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was rewritten at least 4 times. <\/p>\n\n\n\n

During my research, I’ve met with awesome people, made friends, and learned a lot. The tool is for educational purposes only, it works for vmprotect < 3.8 but produces less than ideal output.<\/p>\n\n\n\n

How Does It Work?<\/a><\/strong><\/h2>\n\n\n\n

The tool uses Triton<\/a> for emulation, symbolic execution, and lifting. The easiest way to match VM handlers is to match them on the Triton AST level. <\/p>\n\n\n\n

The tool symbolizes vip and vsp registers and propagates memory loads and stores. Almost every handler ends with the store (to the stack, vm register or memory). We take Triton AST of the value that is being stored and match against known patterns:<\/p>\n\n\n\n

\/\/ Match [vsp] + [vsp].\n\/\/\nstatic bool match_add(const triton::ast::SharedAbstractNode& ast)\n{\n    if (ast->getType() == triton::ast::EXTRACT_NODE)\n    {\n        return match_add(ast->getChildren()[2]->getChildren()[1]);\n    }\n    return ast->getType() == triton::ast::BVADD_NODE\n        && is_variable(ast->getChildren()[1], variable::vsp_fetch);\n}<\/code><\/pre>\n\n\n\n
No matter how obfuscated handlers are, it is possible to match them with a single x86 instruction! Once the handler is identified, it is lifted into a basic block. <\/p>\n\n\n\n
Once the basic block is terminated, the partial control-flow graph is computed and the RIP register is sliced, giving the address of the next basic block. <\/p>\n\n\n\n
The process repeats until no new basic blocks are found. Every basic block is lifted into separate LLVM function. The process of building control-flow graph comes down chaining calls to basic block functions in the right order. <\/p>\n\n\n\n
The tool has few custom LLVM passes like no-alias<\/code> and memory coalescing<\/code> passes. The only pass that is left to implement is flag synthesis<\/code> pass which will give the cleanest LLVM bitcode.<\/p>\n\n\n\n
Usage<\/a><\/strong><\/h2>\n\n\n\n
The tool requires 3 arguments:<\/p>\n\n\n\n
    \n
  • Path to vmprotect intrinsics file<\/li>\n\n\n\n
  • Path to virtualized binary<\/li>\n\n\n\n
  • Virtual address of vm entry point<\/li>\n<\/ul>\n\n\n\n
    .\/build\/titan\ntitan: for the -i option: must be specified at least once!\ntitan: for the -b option: must be specified at least once!\ntitan: for the -e option: must be specified at least once!\n.\/build\/titan -i intrinsics\/vmprotect64.ll -b samples\/loop_hash.0x140103FF4.exe -e 0x140103FF4\n\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
    I’m releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was rewritten at least 4 times. During my research, I’ve met with awesome people, made friends, and learned a lot. The tool is for educational purposes only, it works for vmprotect < 3.8 […]<\/p>\n","protected":false},"author":12,"featured_media":31294,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20],"tags":[737,6321,6052,6325,6408],"class_list":["post-31216","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools","tag-titan"],"yoast_head":"\nTitan - VMProtect Devirtualizer<\/title>\n<meta name=\"description\" content=\"I'm releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/titan\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Titan - VMProtect Devirtualizer\" \/>\n<meta property=\"og:description\" content=\"I'm releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/titan\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-15T02:57:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-15T02:57:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/titan\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/titan\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"Titan – VMProtect Devirtualizer\",\"datePublished\":\"2023-11-15T02:57:21+00:00\",\"dateModified\":\"2023-11-15T02:57:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/titan\/\"},\"wordCount\":284,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/titan\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp\",\"keywords\":[\"cybersecurity\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\",\"Titan\"],\"articleSection\":[\"Cyber security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/titan\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/titan\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/titan\/\",\"name\":\"Titan - VMProtect Devirtualizer\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/titan\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/titan\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp\",\"datePublished\":\"2023-11-15T02:57:21+00:00\",\"dateModified\":\"2023-11-15T02:57:22+00:00\",\"description\":\"I'm releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/titan\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/titan\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Titan - VMProtect Devirtualizer","description":"I'm releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/titan\/","og_locale":"en_US","og_type":"article","og_title":"Titan - VMProtect Devirtualizer","og_description":"I'm releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was","og_url":"https:\/\/kalilinuxtutorials.com\/titan\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2023-11-15T02:57:21+00:00","article_modified_time":"2023-11-15T02:57:22+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp","type":"","width":"","height":""}],"author":"Varshini","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"Varshini","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/titan\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/titan\/"},"author":{"name":"Varshini","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa"},"headline":"Titan – VMProtect Devirtualizer","datePublished":"2023-11-15T02:57:21+00:00","dateModified":"2023-11-15T02:57:22+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/titan\/"},"wordCount":284,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/titan\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp","keywords":["cybersecurity","informationsecurity","kalilinux","kalilinuxtools","Titan"],"articleSection":["Cyber security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/titan\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/titan\/","url":"https:\/\/kalilinuxtutorials.com\/titan\/","name":"Titan - VMProtect Devirtualizer","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/titan\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/titan\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp","datePublished":"2023-11-15T02:57:21+00:00","dateModified":"2023-11-15T02:57:22+00:00","description":"I'm releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/titan\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/titan\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp","width":"1600","height":"900"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa","name":"Varshini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","caption":"Varshini"},"description":"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.","sameAs":["http:\/\/kalilinuxtutorials.com","https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/"],"url":"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEirqSy8beSzRRCznqsFl960hiQLzKhtlvXzDTHyAQvZqkRz69EChcYnHohQvba7G3UTzedK4yzcbU2yp70gbxsOSXKLiWh9cMmqUw0FuFjze0XE2amz_4HOSZ_pLWDO12HgGXn6msusamfwPW4JDPJ_WEhuqsUsH-rx7MdXlQvn_JrasvyBmUZkgUwThA\/s16000\/Titan.webp","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":31254,"url":"https:\/\/kalilinuxtutorials.com\/novmp\/","url_meta":{"origin":31216,"position":0},"title":"NoVmp – Unlocking VMProtect x64 With VTIL-Powered Devirtualization","author":"Varshini","date":"November 14, 2023","format":false,"excerpt":"Welcome to the world of NoVmp, a groundbreaking project that aims to unravel the complexities of VMProtect x64 3.0 - 3.5. In this article, we'll dive into the intriguing realm of devirtualization, exploring how NoVmp utilizes VTIL (Virtual-machine Translation Intermediate Language) to breathe new life into protected binaries. Get ready\u2026","rel":"","context":"In "Cyber security"","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiiVbYOVISLX7L_vk2kiGyjxlHIIlomVd4MpHJvbWQemLenGTzbFKmmqhQYPguMDdFZVs0v22tUp6j1YaEqvIIMxEtBZwumyPXCEj_j_JdOb0JWHjotY6FKXawDo3Cx4MiZlOuNRkjUlqPn-nM35Tx53Ju90jLkDYZHQ-YPepbo_QV1cS-oE1M129r06w\/s16000\/NOVmp.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiiVbYOVISLX7L_vk2kiGyjxlHIIlomVd4MpHJvbWQemLenGTzbFKmmqhQYPguMDdFZVs0v22tUp6j1YaEqvIIMxEtBZwumyPXCEj_j_JdOb0JWHjotY6FKXawDo3Cx4MiZlOuNRkjUlqPn-nM35Tx53Ju90jLkDYZHQ-YPepbo_QV1cS-oE1M129r06w\/s16000\/NOVmp.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiiVbYOVISLX7L_vk2kiGyjxlHIIlomVd4MpHJvbWQemLenGTzbFKmmqhQYPguMDdFZVs0v22tUp6j1YaEqvIIMxEtBZwumyPXCEj_j_JdOb0JWHjotY6FKXawDo3Cx4MiZlOuNRkjUlqPn-nM35Tx53Ju90jLkDYZHQ-YPepbo_QV1cS-oE1M129r06w\/s16000\/NOVmp.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiiVbYOVISLX7L_vk2kiGyjxlHIIlomVd4MpHJvbWQemLenGTzbFKmmqhQYPguMDdFZVs0v22tUp6j1YaEqvIIMxEtBZwumyPXCEj_j_JdOb0JWHjotY6FKXawDo3Cx4MiZlOuNRkjUlqPn-nM35Tx53Ju90jLkDYZHQ-YPepbo_QV1cS-oE1M129r06w\/s16000\/NOVmp.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiiVbYOVISLX7L_vk2kiGyjxlHIIlomVd4MpHJvbWQemLenGTzbFKmmqhQYPguMDdFZVs0v22tUp6j1YaEqvIIMxEtBZwumyPXCEj_j_JdOb0JWHjotY6FKXawDo3Cx4MiZlOuNRkjUlqPn-nM35Tx53Ju90jLkDYZHQ-YPepbo_QV1cS-oE1M129r06w\/s16000\/NOVmp.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiiVbYOVISLX7L_vk2kiGyjxlHIIlomVd4MpHJvbWQemLenGTzbFKmmqhQYPguMDdFZVs0v22tUp6j1YaEqvIIMxEtBZwumyPXCEj_j_JdOb0JWHjotY6FKXawDo3Cx4MiZlOuNRkjUlqPn-nM35Tx53Ju90jLkDYZHQ-YPepbo_QV1cS-oE1M129r06w\/s16000\/NOVmp.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":11517,"url":"https:\/\/kalilinuxtutorials.com\/vmpdump\/","url_meta":{"origin":31216,"position":1},"title":"VMPDump : A Dynamic VMP Dumper And Import Fixer","author":"R K","date":"September 24, 2020","format":false,"excerpt":"VMPDump is a dynamic VMP dumper and import fixer, powered by VTIL. Works for VMProtect 3.X x64. Before vs After Usage VMPDump.exe <Target PID> \"<Target Module>\" [-ep=<Entry Point RVA>] [-disable-reloc] Arguments: <Target PID>: The ID of the target process, in decimal or hex form.<Target Module>: The name of the module\u2026","rel":"","context":"In "Kali Linux"","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3423,"url":"https:\/\/kalilinuxtutorials.com\/triton-dynamic-binary-analysis\/","url_meta":{"origin":31216,"position":2},"title":"Triton – Dynamic Binary Analysis (DBA) Framework","author":"R K","date":"December 8, 2018","format":false,"excerpt":"Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint Engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings. Based on\u2026","rel":"","context":"In "Kali Linux"","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/12\/Triton.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":12293,"url":"https:\/\/kalilinuxtutorials.com\/after-the-2019-mitsubishi-triton-athlete-run-is-it-worth-buying\/","url_meta":{"origin":31216,"position":3},"title":"After The 2019 Mitsubishi Triton Athlete Run, Is It Worth Buying?","author":"Linumonk","date":"March 13, 2021","format":false,"excerpt":"Mitsubishi Triton has a rich history dating back to 1974 which is probably the reason it stands out in the midst of the compact pickup tracks long list. Mitsubishi Motors Thailand launched the updated 2019 Triton with a new facial look, stronger suspension, improved automatic transmission system and a rear\u2026","rel":"","context":"In "TECH"","block_context":{"text":"TECH","link":"https:\/\/kalilinuxtutorials.com\/category\/tech\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5259,"url":"https:\/\/kalilinuxtutorials.com\/vthunting-script-virus-total-hunting\/","url_meta":{"origin":31216,"position":4},"title":"VTHunting : A Tiny Script Used to Generate Report About Virus Total Hunting","author":"R K","date":"June 6, 2019","format":false,"excerpt":"VTHunting is a tiny tool based on the VT api version 3 to run daily, weekly or monthly report about malware hunting. The report can be send via email, Slack channel or Telegram. The tool can also be used in cli to get a report anytime. The default number of\u2026","rel":"","context":"In "Kali Linux"","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27560,"url":"https:\/\/kalilinuxtutorials.com\/protectmytooling\/","url_meta":{"origin":31216,"position":5},"title":"ProtectMyTooling : Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry","author":"R K","date":"November 8, 2022","format":false,"excerpt":"ProtectMyTooling is a script that wraps around multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI\/CD pipeline, helping watermark your artifacts, collect IOCs, backdoor and more. ProtectMyToolingGUI.py With ProtectMyTooling you can quickly obfuscate your binaries without\u2026","rel":"","context":"In "Kali Linux"","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhSKGFPM_KojZEjFJ2K9TDcmJ0kuVNoeM_64Urm4n5e42LE0AiR3EbGH5QVkabBTCxgcWLp_Hd5GB1c4yp9fVHYhzRFuvjNnsM9SWmORi2wLTl9CyiNkNi6DFM4cYIDQBUSDmS9ruzjH5vzAlrlX_EjT4tok7373oJlVkqmP3BaSWDk9PcdBSUASyj7\/s728\/ProtectMyTooling.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhSKGFPM_KojZEjFJ2K9TDcmJ0kuVNoeM_64Urm4n5e42LE0AiR3EbGH5QVkabBTCxgcWLp_Hd5GB1c4yp9fVHYhzRFuvjNnsM9SWmORi2wLTl9CyiNkNi6DFM4cYIDQBUSDmS9ruzjH5vzAlrlX_EjT4tok7373oJlVkqmP3BaSWDk9PcdBSUASyj7\/s728\/ProtectMyTooling.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhSKGFPM_KojZEjFJ2K9TDcmJ0kuVNoeM_64Urm4n5e42LE0AiR3EbGH5QVkabBTCxgcWLp_Hd5GB1c4yp9fVHYhzRFuvjNnsM9SWmORi2wLTl9CyiNkNi6DFM4cYIDQBUSDmS9ruzjH5vzAlrlX_EjT4tok7373oJlVkqmP3BaSWDk9PcdBSUASyj7\/s728\/ProtectMyTooling.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhSKGFPM_KojZEjFJ2K9TDcmJ0kuVNoeM_64Urm4n5e42LE0AiR3EbGH5QVkabBTCxgcWLp_Hd5GB1c4yp9fVHYhzRFuvjNnsM9SWmORi2wLTl9CyiNkNi6DFM4cYIDQBUSDmS9ruzjH5vzAlrlX_EjT4tok7373oJlVkqmP3BaSWDk9PcdBSUASyj7\/s728\/ProtectMyTooling.png?resize=700%2C400&ssl=1 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=31216"}],"version-history":[{"count":3,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31216\/revisions"}],"predecessor-version":[{"id":31295,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31216\/revisions\/31295"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/31294"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=31216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=31216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=31216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}